A device and a communication method
Abstract
A device comprising: an input; a memory; and a processor module; configured to: store information in the memory defining a first isolated environment associated with a first user; responsive to a request received through the input, run the first isolated environment; authenticate the first user in the first isolated environment and, if the first user is authenticated, establish a first secure connection with the first user in the first isolated environment; and responsive to a user command received over the first secure connection; execute, in the first isolated environment, a first operation corresponding to the user command.
Claims
exact text as granted — not AI-modified1 . A device comprising:
an input; a memory; and a processor module, configured to:
store information in the memory defining a first isolated environment associated with a first user;
responsive to a request received through the input, run the first isolated environment;
authenticate the first user in the first isolated environment and, if the first user is authenticated, establish a first secure connection with the first user in the first isolated environment; and
responsive to a user command received over the first secure connection, execute, in the first isolated environment, a first operation corresponding to the user command.
2 . The device according to claim 1 , wherein the first operation comprises at least one of: cryptographic key generation, cryptographic key derivation, performing an encryption operation; performing a decryption operation and performing a digital signature operation.
3 . The device according to claim 2 , wherein a first master key associated with the first user is stored in the information in the memory defining the first isolated environment, wherein the first operation is executed using a first application key, and wherein the first application key is retrieved using the first master key.
4 . The device according to claim 1 , wherein a first public key is stored in the information in the memory defining the first isolation environment, the first public key being part of a first key pair comprising the first public key and a first private key associated with the first user.
5 . The device according to claim 4 , wherein a second private key is stored in the information in the memory defining the first isolated environment, the second private key being part of a second key pair comprising the second private key and a second public key.
6 . The device according to claim 5 , wherein authenticating the first user and establishing the first secure connection comprises:
receiving a communication comprising a first signature from the first user; validating, in the first isolated environment, the first signature using the first public key; generating a second signature using the second private key in the first isolated environment; sending a communication comprising the second signature to the first user.
7 . The device according to claim 6 , wherein authenticating the first user and establishing the first secure connection further comprises:
encrypting a third key using the first public key in the first isolated environment and sending the encrypted third key to the first user, or receiving an encrypted third key from the first user at the first isolated environment and decrypting the encrypted third key using the second private key; wherein the third key is used to encrypt communications between the first user and the first isolated environment thus providing the first secure connection.
8 . The device according to claim 1 , wherein the information in the memory defining the first isolated environment comprises information identifying program instructions which, when executed, cause the processor to perform the first operation.
9 . The device according to claim 8 , wherein a first version of the program instructions and a second version of the program instructions are stored in the memory, and wherein the information identifying the program instructions comprises an indication of the first version.
10 . The device according to claim 1 , wherein the processor module is further configured to:
store information in the memory defining a second isolated environment associated with a second user; responsive to a request received through the input, run the second isolated environment; authenticate the second user in the second isolated environment and, if the second user is authenticated, establish a second secure connection with the second user in the second isolated environment; and responsive to a user command received over the second secure connection, execute, in the second isolated environment, a second operation corresponding to the user command.
11 . The device according to claim 1 , wherein the information stored in the memory defining the first isolated environment associated with the first user comprises an encrypted file.
12 . A system comprising the device according to claim 4 , and a first user device, wherein the first user device operates a shielded virtual machine, and wherein the first private key is stored in the shielded virtual machine.
13 . A method of communication, comprising:
running a first isolated environment corresponding to a first user on a device in response to receiving a request; authenticating the first user in the first isolated environment and, if the first user is authenticated, establishing a first secure connection with the first user in the first isolated environment; receiving a user command over the first secure connection; and executing, in the first isolated environment, a first operation corresponding to the user command.
14 . A method of creating an isolated environment, comprising:
receiving a request to create an isolated environment associated with a first user; creating the first isolated environment associated with the first user; establishing a secure connection with the first user in the first isolated environment; receiving information allowing performance of one or more operations in relation to the first user over the secure connection.
15 . A non-transitory computer readable storage medium comprising computer readable code configured to cause a computer to perform the method of claim 13 .
16 . A non-transitory computer readable storage medium comprising computer readable code configured to cause a computer to perform the method of claim 14 .Join the waitlist — get patent alerts
Track US2024111907A1 — get alerts on status changes and closely related new filings.
We store only your email — no account needed. See our privacy policy.